Security

(public)

User Story

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Build Identifier: 3.5.2
When I choose a file that can't be read to be submitted via HTML FORM using INPUT TYPE=FILE, the form is submitted without any warning and the file is uploaded with 0 bytes of data. All other file details are sent without any chance to notice a problem - filename, filetype etc. Server-side application (like PHP) can't guess a problem (as 0 bytes of size is not automatically an error)!
Reproducible: Always
Steps to Reproduce:
1. Create a form with INPUT TYPE=FILE
2. Choose a file that can't be read (like insufficient permission)
3. Submit a form - no warning pops up!
Actual Results:
The form is submited without any warning, the file details (name, mime-type) are sent, but the file is "sent" as 0 bytes of data - unnoticeable by server-side!
Expected Results:
User shall get a message "File could not be opened and thus form was not submited.". It can be considered as a DATA LOSS!